Merge pull request #1905 from coreos-inc/external-auth-search

Add support for entity search against external auth users not yet linked
2016-10-27 16:06:42 -04:00 · 2016-10-27 16:06:42 -04:00 · 934cdecbd6
commit 934cdecbd6
parent 9af5c26269 b3d1d7227c
16 changed files with 817 additions and 100 deletions
--- a/static/directives/config/config-setup-tool.html
+++ b/static/directives/config/config-setup-tool.html
@ -523,6 +523,15 @@

        <!--  Keystone Authentication -->
        <table class="config-table" ng-if="config.AUTHENTICATION_TYPE == 'Keystone'">
+          <tr>
+            <td>Keystone API Version:</td>
+            <td>
+              <select ng-model="config.KEYSTONE_AUTH_VERSION">
+                <option value="2">2.0</option>
+                <option value="3">V3</option>
+              </select>
+            </td>
+          </tr>
          <tr>
            <td>Keystone Authentication URL:</td>
            <td>
@ -573,20 +582,6 @@
        </div>

        <table class="config-table" ng-if="config.AUTHENTICATION_TYPE == 'JWT'">
-          <tr>
-            <td>User Verification Endpoint:</td>
-            <td>
-              <span class="config-string-field" binding="config.JWT_VERIFY_ENDPOINT"
-                    pattern="http(s)?://.+"></span>
-              <div class="help-text">
-              The URL (starting with http or https) on the JWT authentication server for verifying username and password credentials.
-              </div>
-
-              <div class="help-text" style="margin-top: 6px;">
-              Credentials will be sent in the <code>Authorization</code> header as Basic Auth, and this endpoint should return <code>200 OK</code> on success (or a <code>4**</code> otherwise).
-              </div>
-            </td>
-          </tr>
          <tr>
            <td>Authentication Issuer:</td>
            <td>
@ -606,6 +601,50 @@
              </div
            </td>
          </tr>
+          <tr>
+            <td>User Verification Endpoint:</td>
+            <td>
+              <span class="config-string-field" binding="config.JWT_VERIFY_ENDPOINT"
+                    pattern="http(s)?://.+"></span>
+              <div class="help-text">
+              The URL (starting with http or https) on the JWT authentication server for verifying username and password credentials.
+              </div>
+
+              <div class="help-text" style="margin-top: 6px;">
+              Credentials will be sent in the <code>Authorization</code> header as Basic Auth, and this endpoint should return <code>200 OK</code> on success (or a <code>4**</code> otherwise).
+              </div>
+            </td>
+          </tr>
+          <tr>
+            <td>User Query Endpoint:</td>
+            <td>
+              <span class="config-string-field" binding="config.JWT_QUERY_ENDPOINT"
+                    pattern="http(s)?://.+" is-optional="true"></span>
+              <div class="help-text">
+              The URL (starting with http or https) on the JWT authentication server for looking up
+              users based on a prefix query. This is optional.
+              </div>
+
+              <div class="help-text" style="margin-top: 6px;">
+              The prefix query will be sent as a query parameter with name <code>query</code>.
+              </div>
+            </td>
+          </tr>
+          <tr>
+            <td>User Lookup Endpoint:</td>
+            <td>
+              <span class="config-string-field" binding="config.JWT_GETUSER_ENDPOINT"
+                    pattern="http(s)?://.+" is-optional="true"></span>
+              <div class="help-text">
+              The URL (starting with http or https) on the JWT authentication server for looking up
+              a user by username or email address.
+              </div>
+
+              <div class="help-text" style="margin-top: 6px;">
+              The username or email address will be sent as a query parameter with name <code>username</code>.
+              </div>
+            </td>
+          </tr>
        </table>

        <!-- LDAP Authentication -->
--- a/static/js/directives/ui/entity-search.js
+++ b/static/js/directives/ui/entity-search.js
@ -148,6 +148,18 @@ angular.module('quay').directive('entitySearch', function () {
      };

      $scope.setEntityInternal = function(entity, updateTypeahead) {
+        // If the entity is an external entity, convert it to a known user via an API call.
+        if (entity.kind == 'external') {
+          var params = {
+            'username': entity.name
+          };
+
+          ApiService.linkExternalUser(null, params).then(function(resp) {
+            $scope.setEntityInternal(resp['entity'], updateTypeahead);
+          }, ApiService.errorDisplay('Could not link external user'));
+          return;
+        }
+
        if (updateTypeahead) {
          $(input).typeahead('val', $scope.autoClear ? '' : entity.name);
        } else {
@ -193,7 +205,7 @@ angular.module('quay').directive('entitySearch', function () {
                var entity = data.results[i];

                var found = 'user';
-                if (entity.kind == 'user') {
+                if (entity.kind == 'user' || entity.kind == 'external') {
                  found = entity.is_robot ? 'robot' : 'user';
                } else if (entity.kind == 'team') {
                  found = 'team';
@ -276,6 +288,8 @@ angular.module('quay').directive('entitySearch', function () {
              template = '<div class="entity-mini-listing">';
              if (datum.entity.kind == 'user' && !datum.entity.is_robot) {
                template += '<i class="fa fa-user fa-lg"></i>';
+              } else if (datum.entity.kind == 'external') {
+                template += '<i class="fa fa-user fa-lg"></i>';
              } else if (datum.entity.kind == 'user' && datum.entity.is_robot) {
                template += '<i class="fa ci-robot fa-lg"></i>';
              } else if (datum.entity.kind == 'team') {